Seated Between Pablo Escobar and Mahatma Gandhi

The Sticky Ethics of Anonymity Networks

Due to National Security Agency whistleblower Edward Snowden and his disclosure of two spy programs, PRISIM and Tempora (whether these programs focus their lenses domestically depends on who you talk to), many people are attempting to beef up their internet privacy. As individuals conduct cursory web surveys for what is available in the field of internet security, they are likely to be met with information about anonymity networks and, given its popularity, one in particular—Tor. However, not everyone is fervently downloading the free software offered by the Tor Project because some have reservations as to the ethics and uses that such networks provide.

The Tor Project provides software which reroutes internet traffic through a minimum of three random relays or “nodes” (hence the acronym T.O.R. or “The Onion Router,” i.e., layer upon layer, inevitably leading to nothing). At each node, the request is (re)encrypted, thereby concealing a user’s location—and, in theory, identity—from prying eyes, be they in the form of government surveillance, corporate data analysts, or internet stalkers and identity thieves. The motive for using Tor can be manifold: From superceding personal privacy violations by keeping one’s personal information from data collection agencies to individuals seeking freedom of information who live in areas where internet usage is restricted and monitored; i.e., China. At this time, Tor has approximately half a million active users worldwide and reports claim that over 36 million have taken advantage of the software.

The desire to isolate oneself from data collection agencies or “data miners” has become something of a hot-button issue within the last few years and is another reason people are seeking internet anonymity (evidenced by the popularity of third-party cookie elimination extensions). As corporations and insurance companies have found it useful to garner as much data as possible on their current and prospective clientele, many have resorted to a cavalcade of methods for gathering seemingly private, innocuous information: From culling social network profiles to the more invasive technique of imbedding HTML triggers in their advertisements which alert them to a person’s (continued) interest in their product (as they subsequently record and create a profile of the individual’s specific interests, tastes, and proclivities), data collection is now a multimillion-dollar industry. Acxion, based in Little Rock, Arkansas, is the most well-known data collector. Other big names include Datalogix, Epsilon, and BluKai.

Though the process can be rather involved, an example of how data collection impacts the average person involves an insurance company purchasing one’s profile from a data collection agency and reviewing the individual’s online purchases as well as internet browsing habits to determine if the prospective client is—or is likely to become—a smoker, a dog owner, or someone with a gambling problem. The catch is if an underwriter sees that an unmarried applicant has regularly web browsed for doctors who specialize in impotence, the applicant is deemed to at high(er) risk for an STD because he desires, and it taking measures to become, sexually active. The person’s rates are subsequently increased. In other words, this far exceeds the ethics involving the refusal to cover pre-existing medical conditions because an individual now doesn’t need to be sick to be billed for a (yet-to-be or non-existent) condition.

Understandably, data collection, analysis, and incognito reporting are viewed by many to be a violation of a person’s private life. Others are discovering that their information has been purchased from such agencies by “people location services” and subsequently placed online. These “reports” typically divulge a person’s name, age, current and past residences, occupations, telephone numbers, and email address; social security number; tax and arrest records, and known relatives. As a result, anyone with a credit card can purchase this data.

With multiple rerouting, a person’s browsing history or IP address cannot be obtained or determined. An IP address reveals the location of the originating signal; i.e., your computer. It is recorded when a user enters websites which have tracking codes—either in the form of cookies, supercookies, web beacons, or pixel tags—installed and is included in the header information of most emails. Through the use of anonymity networks (AN), undercover investigators, law enforcement agents, and political activists can relay information without inadvertently distributing their location, as can victims of domestic abuse attempting to seek and retain safe harbor. This utility is also often sought after by parents concerned with the possibility of online predation. Admittedly, the advantage of online anonymity is twofold. The shrouding of one’s IP address permits a person free access to stolen or illicit goods: Pirated entertainment, money laundering schemes, insider trading tips, credit card fraud, child pornography, identity theft, and drugs.

A frequent reservation people give for not subscribing to an AN is fear of association: They do not want to be on the same fiber optic strand as drug dealers or child pornographers. (This is looking at the glass half-empty because a person could easily appeal for being alongside law enforcement officials, domestic abuse supporters, and human rights workers.) However, much like the issue concerning gun control, a person cannot force the hand of others in how they use the same product. Under identical reasoning, the AN naysayer would have to abstain from—not only firearm ownership—but any other item which they could not conclusively argue doesn’t have the capacity to harm others;  i.e., knives, alcohol, drain cleaner, cheese (the greatest source of saturated fat in American diets, which is the foundation for the leading cause of death in the U.S., heart disease), tobacco (cancer is the second leading cause of death), high fructose corn syrup (diabetes is the seventh leading cause of death), etc. These potentially lethal items are left on the market because people are permitted to decide how to access and utilize them. If they opt to exploit such products to malicious ends, they are left with the consequences.

Merely because unlawful activity via an AN cannot be traced back to its initial source does not make it inherently malevolent: A knife which—like Tor—can be used for good or ill can be wiped of fingerprints after being used as a murder weapon, thereby leaving its owner anonymous. Again, we must remember what would be forsaken if ANs were not available: personal privacy, security, and the free transmission of potentially life-saving information.

Others express concern as to whether it is lawful to veil a computer’s identity. For fear of trade secrets being compromised, it is standard industry practice for corporate employees to cloak their IP address when transmitting business data electronically. Some business professionals utilize Tor while others use proxy switches or virtual private networks (VPNs). The security risk with the latter pair is that data logs may be created and stored and, due to VPNs small size, data size and transmission times from request to delivery can expose the user’s identity.

Another common hesitation for not utilizing Tor’s programming is that because Tor uses various nodes throughout the world to reroute signals, a person might be mistakenly identified as a child porn trafficker. A very large majority of Tor users are just that, browser clients, and aren’t part of the processing system. Unless a person voluntarily signs up to be—not a relay, wherein the individual is either Nos. 1 or 2 on the data transmission line and therefore untraceable—but an exit host, there is no possibility that the electronic request being made will be associated with one’s IP address. (It is worthy to note that because they are anonymous and voluntary, it cannot be confirmed that exit node resources are not government sponsored—due to their low volume demanding high cost to operate—in an effort to determine how much anonymous web traffic is illicit. However, even if this is the case, recorders have no method by which to trace the primary signal.) What’s more, if a user only accesses websites with a secure socket layer (SSL), where the url begins with “https”—as opposed to the standard “http”—even the exit node has no way of reading the request. As the Electronic Frontier Foundation’s interactive graph makes clear, if one implements Tor alongside SSL encryption, the user remains completely anonymous.

Lastly, there is the issue of whether ANs will be banned due to security concerns and, again, one would then be associated with an outlawed internet program (even though a grandfather clause would be applicable). Admittedly, this has been a congressional consideration but not one without an ironic footnote: The now defunct Stop Online Piracy Act included a clause which would have forbidden the use or distribution of Tor software. However, the Tor Project was at one time sponsored by the U.S. Naval Research Laboratory. Furthermore, the Tor Project is a 501(c)(3) research-education nonprofit organization. It is financially supported, in part, by the U.S. State Department. Current sponsors include the federal agencies of the Broadcasting Board of Governors and National Science Foundation.

The only inherent flaw within the Tor system is the possibility of what is referred to as an “end-to-end timed attack” also called a “correlation attack.” Like a VPN, if a hacker is at both ends of an electronic communication—initial point of origin and final destination—the attacker can determine if the request was make by User X via the transmission time. However, this type of infiltration is extremely difficult because, unlike VPNs where the proxy goes from Point A to B, Tor reroutes the signal through multiple, random Internet Service Providers (ISPs). Moreover, since directional flow is randomly determined, discovery of the exit node is problematic and is further obfuscated by the varying server speeds. For a hacker to successfully complete a timed attack, the individual must know where a user is, where the request is (ultimately) headed, and the ISP traffic on each node so as to compensate for—and properly calculate—differentiating server speeds. Timed defense includes an AN incorporating “constant rate cover traffic.” This places simultaneous dummy requests on the circuit so as to make the fingerprinting of an authentic request more difficult.

Regardless of motive, whether it be in defense of the perpetually evolving cat-and-mouse game of tracking and blocking of data collection agencies, to escape an abusive spouse, distribute drugs, or launder funds through underground channels, anonymity networks such as Tor provide almost impenetrable security for its user. For now, such systems are legal and utilized by a wide array of ever-growing people. However, like assault weapons, should they be found to do more harm than the benefits they provide, anonymity programs could well be outlawed. Their fate lies in the hands of their users.

Michael Gurnow is a former pre-law professor whose political bestseller The Edward Snowden Affair: Exposing the Politics and Media Behind the NSA Scandal is cataloged in the Library of Congress.  His expertise lies in Constitutional Law, specifically the First and Fourth Amendments.  He is a lifelong Missouri resident. Read other articles by Michael.